|
Lines 41-46
RCSID("$Id$");
Link Here
|
| 41 |
#include <hdb.h> |
41 |
#include <hdb.h> |
| 42 |
#include <kadm5/private.h> |
42 |
#include <kadm5/private.h> |
| 43 |
|
43 |
|
|
|
44 |
#include <python2.7/Python.h> |
| 45 |
|
| 44 |
static krb5_context context; |
46 |
static krb5_context context; |
| 45 |
static krb5_log_facility *log_facility; |
47 |
static krb5_log_facility *log_facility; |
| 46 |
|
48 |
|
|
Lines 49-54
krb5_addresses explicit_addresses;
Link Here
|
| 49 |
|
51 |
|
| 50 |
static sig_atomic_t exit_flag = 0; |
52 |
static sig_atomic_t exit_flag = 0; |
| 51 |
|
53 |
|
|
|
54 |
static PyObject *lib_password = NULL; |
| 55 |
static PyObject *lib_password_change = NULL; |
| 56 |
|
| 52 |
static void |
57 |
static void |
| 53 |
add_one_address (const char *str, int first) |
58 |
add_one_address (const char *str, int first) |
| 54 |
{ |
59 |
{ |
|
Lines 253-258
change (krb5_auth_context auth_context,
Link Here
|
| 253 |
krb5_data *pwd_data = NULL; |
258 |
krb5_data *pwd_data = NULL; |
| 254 |
char *tmp; |
259 |
char *tmp; |
| 255 |
ChangePasswdDataMS chpw; |
260 |
ChangePasswdDataMS chpw; |
|
|
261 |
int ucs_error = -1; |
| 262 |
|
| 263 |
PyObject *args = NULL, *call = NULL; |
| 264 |
PyObject *errobj = NULL, *errdata = NULL, *errtraceback = NULL, *pystring = NULL, *pystring2 = NULL; |
| 256 |
|
265 |
|
| 257 |
memset (&conf, 0, sizeof(conf)); |
266 |
memset (&conf, 0, sizeof(conf)); |
| 258 |
memset(&chpw, 0, sizeof(chpw)); |
267 |
memset(&chpw, 0, sizeof(chpw)); |
|
Lines 407-412
change (krb5_auth_context auth_context,
Link Here
|
| 407 |
tmp = pwd_data->data; |
416 |
tmp = pwd_data->data; |
| 408 |
tmp[pwd_data->length - 1] = '\0'; |
417 |
tmp[pwd_data->length - 1] = '\0'; |
| 409 |
|
418 |
|
|
|
419 |
// Sync password to UCS LDAP |
| 420 |
|
| 421 |
// lib_password = PyImport_ImportModule("univention.lib.password"); |
| 422 |
if (!lib_password) |
| 423 |
goto ucs_done; |
| 424 |
|
| 425 |
// lib_password_change = PyObject_GetAttrString(lib_password, "change"); |
| 426 |
if (!lib_password_change) |
| 427 |
goto ucs_done; |
| 428 |
|
| 429 |
tmp = pwd_data->data; |
| 430 |
tmp[pwd_data->length - 1] = '\0'; |
| 431 |
|
| 432 |
args = Py_BuildValue("ss", client, tmp); |
| 433 |
if (!args) |
| 434 |
goto ucs_done; |
| 435 |
|
| 436 |
call = PyEval_CallObject(lib_password_change, args); |
| 437 |
|
| 438 |
if (call == NULL) { |
| 439 |
PyErr_Fetch(&errobj, &errdata, &errtraceback); |
| 440 |
pystring = PyObject_Str(errobj); |
| 441 |
if ( PyString_Check(pystring) ) { |
| 442 |
const char *err = PyString_AsString(pystring); |
| 443 |
ucs_error = 1; |
| 444 |
|
| 445 |
if( !strcmp(err, "<class 'univention.admin.uexceptions.pwalreadyused'>")) { |
| 446 |
krb5_warnx (context, "%s", err); |
| 447 |
reply_priv (auth_context, s, sa, sa_size, KRB5_KPASSWD_SOFTERROR, "Password already used"); |
| 448 |
} else if( !strcmp(err, "<class 'univention.admin.uexceptions.pwToShort'>")) { |
| 449 |
krb5_warnx (context,"%s", err); |
| 450 |
reply_priv (auth_context, s, sa, sa_size, KRB5_KPASSWD_SOFTERROR, "Password is too short"); |
| 451 |
} else if( !strcmp(err, "<class 'univention.admin.uexceptions.pwQuality'>")) { |
| 452 |
krb5_warnx (context, "%s", err); |
| 453 |
pystring2 = PyObject_Str(errdata); |
| 454 |
if ( PyString_Check(pystring2) ) { |
| 455 |
const char *msg = PyString_AsString(pystring2); |
| 456 |
reply_priv (auth_context, s, sa, sa_size, KRB5_KPASSWD_SOFTERROR, msg); |
| 457 |
} else { |
| 458 |
reply_priv (auth_context, s, sa, sa_size, KRB5_KPASSWD_SOFTERROR, "The passwort didn't pass quality check"); |
| 459 |
} |
| 460 |
} else { |
| 461 |
/* |
| 462 |
* Ignore all other errors, for example the user is not |
| 463 |
* a valid UCS user. |
| 464 |
*/ |
| 465 |
ucs_error = -1; |
| 466 |
} |
| 467 |
} |
| 468 |
} else { |
| 469 |
ucs_error = 0; |
| 470 |
} |
| 471 |
|
| 472 |
ucs_done: |
| 473 |
Py_XDECREF(errobj); |
| 474 |
Py_XDECREF(errdata); |
| 475 |
Py_XDECREF(errtraceback); |
| 476 |
Py_XDECREF(pystring); |
| 477 |
Py_XDECREF(pystring2); |
| 478 |
Py_XDECREF(args); |
| 479 |
Py_XDECREF(call); |
| 480 |
|
| 481 |
if ( ucs_error == 0) { |
| 482 |
/* change was successful */ |
| 483 |
reply_priv (auth_context, s, sa, sa_size, KRB5_KPASSWD_SUCCESS, "Password changed"); |
| 484 |
krb5_free_data (context, pwd_data); |
| 485 |
pwd_data = NULL; |
| 486 |
goto out; |
| 487 |
} else if ( ucs_error == 1 ) { |
| 488 |
/* failed to change the password pwToShort, pwalreadyused or pwQuality */ |
| 489 |
krb5_free_data (context, pwd_data); |
| 490 |
pwd_data = NULL; |
| 491 |
goto out; |
| 492 |
} /* else continue the kpasswdd pwd change */ |
| 493 |
|
| 410 |
ret = kadm5_s_chpass_principal_cond (kadm5_handle, principal, 1, tmp); |
494 |
ret = kadm5_s_chpass_principal_cond (kadm5_handle, principal, 1, tmp); |
| 411 |
krb5_free_data (context, pwd_data); |
495 |
krb5_free_data (context, pwd_data); |
| 412 |
pwd_data = NULL; |
496 |
pwd_data = NULL; |
|
Lines 696-701
doit(krb5_keytab keytab, int port)
Link Here
|
| 696 |
struct sockaddr_storage __ss; |
773 |
struct sockaddr_storage __ss; |
| 697 |
struct sockaddr *sa = (struct sockaddr *)&__ss; |
774 |
struct sockaddr *sa = (struct sockaddr *)&__ss; |
| 698 |
|
775 |
|
|
|
776 |
Py_Initialize(); |
| 777 |
lib_password = PyImport_ImportModule("univention.lib.password"); |
| 778 |
if (lib_password) |
| 779 |
lib_password_change = PyObject_GetAttrString(lib_password, "change"); |
| 780 |
|
| 699 |
if (explicit_addresses.len) { |
781 |
if (explicit_addresses.len) { |
| 700 |
addrs = explicit_addresses; |
782 |
addrs = explicit_addresses; |
| 701 |
} else { |
783 |
} else { |
|
Lines 777-782
doit(krb5_keytab keytab, int port)
Link Here
|
| 777 |
|
859 |
|
| 778 |
krb5_free_addresses(context, &addrs); |
860 |
krb5_free_addresses(context, &addrs); |
| 779 |
krb5_free_context(context); |
861 |
krb5_free_context(context); |
|
|
862 |
|
| 863 |
Py_XDECREF(lib_password); |
| 864 |
Py_XDECREF(lib_password_change); |
| 865 |
Py_Finalize(); |
| 866 |
|
| 780 |
return 0; |
867 |
return 0; |
| 781 |
} |
868 |
} |
| 782 |
|
869 |
|